Overview

overview

10

Static

static

8

URLScan

urlscan

10

https://dz1-ggfchhgj...

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    27-09-2021 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://dz1-ggfchhgjh-ugfgxh.s3.eu-central-1.amazonaws.com/index.html#[email protected]

  • Sample

    210927-vl8x7shefq

Score
10/10
microsoftphishingproduct:outlook

Malware Config

Signatures

  • Detected microsoft outlook phishing page
    phishingmicrosoftproduct:outlook
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://dz1-ggfchhgjh-ugfgxh.s3.eu-central-1.amazonaws.com/index.html#[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3624 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E698CCB2C296D265AC1A253974E09FD_D680439EDC5966E2AEEDE8C72390D434
    MD5

    66bbbd3b7a62ba56e176e7a7fbcc0b2a

    SHA1

    3233f77b8b093feae3d6951799d46b9c25dafcae

    SHA256

    7253964fe79bcd766f8a8b0d800d3536fda8687a4a3b498a0a169412454392d1

    SHA512

    0186e1474f95c9ac4849ec3acb1ec61f8510f0110f7fe25677d7b2adef289ab85f5547110296d7c949813f076103524d0dfd8cc7b88baa769e1cfe22805dbc98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
    MD5

    1804d32fba6725eae8ce6d9bda887051

    SHA1

    e09a5ddfe0090d1830619dd195bd2aa7e9bbdd09

    SHA256

    0450f3f6bf2159afcc7dd994d10e5a33533d884762aceb4a6d2f50a31ddb80f1

    SHA512

    3cf0e4b4ae6340f5413cd6de14e41bac6a4101ecc2702415005079fa412eb338604523b35b9d3e5144db6b8505fe410313e0e4ed5ab3adb3838498811f9b16c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    647b8d7bc982449272d66d17e09f119f

    SHA1

    fcee7e5a6ae28bbee3a7fe3ea22144b0c08f929e

    SHA256

    678a5f60df00580647a5434128825237050133fe3243aee397d68f4610e1b050

    SHA512

    21636b5a029afb2134b029db32f84a5ef0f143fbae4f377949a79cb0f453ac50dde473d1aab977d02724d7547b59d767ee03cf6f4de59deff0e81d3da90d5153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_D680439EDC5966E2AEEDE8C72390D434
    MD5

    7e8a2310376e1a6b8f1be6f75ad9259d

    SHA1

    c657144961b9a56aef90f9949ea52d4329de6774

    SHA256

    e0713b85eb241a55659becbc362478e6088793a6d915e55bc4ac6855592dec50

    SHA512

    b3958c017ebf63a3187b73e52b098a14bdb719f9b11dcc43c04833450dd8cd4c2d4b18e25cfc198325f9a183e7dea37269c504472279c952915a0cd88a81e5f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
    MD5

    5069aa2e6966acf42e9acebbf838c3a0

    SHA1

    119e325932fcca1fb8c601fed06a9581cacc9768

    SHA256

    a7bdcf6024c6b05f8479d46305dfda9afbabd0461cc9dfb4fb8ab9db89b5fe8f

    SHA512

    5dd7ecfac0f7b7527704dd604ee6f5c22db6fccd2dc67d7412652e76192d2dfe98fd05472ede76fabb6924693d66ad4e09749a92284abe50eddcd56d797ba820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    986fa7eaf5481155e0d8103623d7ef2d

    SHA1

    9edfca5801bcbd63f0c4169e0009c351fc178bfc

    SHA256

    d3a22ad831fe1b61993551495e548c403b8a6da28df36e55355235fa15b8230d

    SHA512

    5ccd8e78a9aed07c40be813f468d6d1819b2a74ad7c350dbc5bfe18dccd5ad55db02e3d9111904966b80965fbccf11db1862a9491a9e94986082dcbdb421eb25

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HHFC2LUG.cookie
    MD5

    db2df8bb89bcc9916cfd03882b833c7f

    SHA1

    d83af652b23a9b201813b9242d010b43060643fe

    SHA256

    cacaab342d710e0c47edb4f99c309a956f649b8f458a78dbbedff1f36210b232

    SHA512

    f957bbb8ed0972a12f4a032d8a0d6bd2c58948ac914b8096ce7cddb2f5b7a6e7ecb0516dd12cef1273281d09af5ff1507aa01d8926ee9b235990c12080eb5b32

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MFCQYE9G.cookie
    MD5

    fe2ad8aada202eaa46fe137354ec083c

    SHA1

    09db9b0e22c31e14e3a77cd670e35d40b19f02b8

    SHA256

    b421c8a231683038a1ef4c17eb69a8e028d294ea008f452771885abd90297fc8

    SHA512

    f35de55c1e1dd81048ae9626dd9ecf736756b38c3f9b8d20d2102ab0410be63dc4c16c79656e515df695cdeed7e92951a93b4c60b6c28109e9e4f90fc33ab34f

    Download Submit

  • memory/3624-115-0x00007FFC0B190000-0x00007FFC0B1FB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/4140-116-0x0000000000000000-mapping.dmp

    Download